The Zodiac’s serial killer’s 340 cipher, which could not be solved for 50 years, has been cracked by a remote team of mathematicians.
A remote team of 3 hobbyist cryptologists have solved one of the Zodiac Killer’s cipher after a half century.
While the name of the elusive serial killer remains hidden, the breakthrough represents a triumph for cryptology & the basic building blocks of cyber-security — access control & segmentation.
The Zodiac serial killer is believed to have murdered at least 5 people & likely more — in & around the Northern California area in the late 1960s & early 1970s.
The still-unnamed murderer sent a series of 4 coded messages to local newspaper outlets, bragging about his crimes & containing cryptic icons, which earned him the nickname “Zodiac”.
The 340 Cipher
The 1st cipher was quickly decoded. But the 2nd, the 340 Cipher, named after its 340 characters, was harder to figure out — until this week, nearly 50 years later, when an unlikely team of cryptographers broke the code.
This cipher was sent to the offices of the San Francisco Chronicle in 1969. David Oranchak, a web designer based in Virginia, has been trying to solve it for 14 years — but a breakthrough remote collaboration with other code breakers was the key.
650,000 Possible Ways
Oranchak made some YouTube videos about the cipher which attracted the others to the project.
Building off Oranchak’s work, Australian-based mathematician Sam Blake calculated that there were 650,000 possible ways to read the code, & Jarl Van Eycke, whose day job is as a warehouse operator in Belgium, wrote the code-breaking software, according to a Vice report & interview with Oranchak.
“When I watched those, I thought ‘This is a really good analytical approach that he’s taken to try to solve this.’ And I sort of saw a couple of things that I thought might be interesting for him to try,” Blake told Vice in a recent interview. “So, I reached out to him originally through a YouTube comment, & then we got chatting, & it went from there.
I got serious about it in March of this year, & we spent a lot of time on it between March & now, just going through, having no success, no success, no success. Then…we just started to piece it together.”
He explained the appeal of Oranchak’s approach as “algorithmic,” in the interview
“There’s been a lot of solutions in the past that have required artistic creativity and a lot of bending & massaging of the cipher in order to get it to make a few legible words… then something like a sentence, and often then the name of somebody who could be associated with the case,” Blake observed.
“What we did was a very different approach to that. We looked at different possible ways you could read the cipher—what other reading directions could they have taken in terms of trying to write it out—and we then ran them through super-computers and looked for a solution in that direction.”
According to Oranchak and team, the message reads:
“I HOPE YOU ARE HAVING LOTS OF FUN IN TRYING TO CATCH ME THAT WASNT ME ON THE TV SHOW WHICH BRINGS UP A POINT ABOUT ME I AM NOT AFRAID OF THE GAS CHAMBER BECAUSE IT WILL SEND ME TO PARADICE ALL THE SOONER BECAUSE I NOW HAVE ENOUGH SLAVES TO WORK FOR ME WHERE EVERYONE ELSE HAS NOTHING WHEN THEY REACH PARADICE SO THEY ARE AFRAID OF DEATH I AM NOT AFRAID BECAUSE I KNOW THAT MY NEW LIFE IS LIFE WILL BE AN EASY ONE IN PARADICE DEATH”
The group has been officially recognised by the FBI for breaking the cipher.
“The FBI is aware that a cipher attributed to the Zodiac Killer was recently solved by private citizens,” Cameron Polan, spokeswoman for the FBI’s San Francisco office told The Chronicle. “The Zodiac Killer case remains an ongoing investigation for the FBI San Francisco division and our local law-enforcement partners.”
The statement concluded, that “out of respect for the victims & their families, we will not be providing further comment at this time.”
The key, says Blake was looking at other directions the cipher could be read, & processing those with the 650,000 possibilities through a super-computer at the University of Melbourne, he added.
1950s US Army Cryptography
The scheme, Blake added, can be found in a 1950s US Army cryptography field manual, but Zodiac wrote the code so that it needed to be read diagonally. But what made it nearly impossible to crack was actually an error that he made.
“So, he had a pattern in the way in which he was writing out where he would go 1 row down, 2 columns across, write a letter; then go 1 row down, 2 columns across and write a letter, & so on,” Blake told Vice. “And in that 2nd segment, at some stage—it looks like an accident—instead of going 1 row down, 2 columns across he has just gone 1 down,1 across. That broke the symmetry.”
2 of Zodiac’s ciphers remain unsolved.
Besides the historical break in a 50-year-old murder case, the back-to-basics cryptographic feat serves as a reminder about the importance of tried-&-true fundamentals when it comes to cybersecurity, according to Fortinet CISO Phil Quade.
“The backbone of the science of cyber-security is built from cryptography, access control and segmentation,” Quade suggested in his 2019 book, The Digital Big Bang.
“As a science, practice & discipline, cyber-security has only a few silver bullets. For now, cryptography is the rare exception, a simple powerful way to provide substantial protection against the ‘torrential downpour’ of cyber-attacks. But while cryptography remains 1 of cyber-security’s most powerful tools today, we must always prepare for the risks we will face tomorrow.”
Every time there is a new “cipher” (i.e., cryptographic algorithm), others will try to break it. Also vice versa. Earlier in Dec, researchers claimed a breakthrough in the ‘arms race’ that cryptography has become.
Researchers from the University of Science & Technology of China explained in the journal Science claimed quantum supremacy: they were able to get a system they named ‘Jiuzhang’ to perform a calculation in minutes that would have taken a traditional super-computer an estimated 10,000 years to solve.
The security concern is that quantum computers will be able to crack RSA public key cryptography, used to protect data in transit.
That means security teams will have to move to new post-quantum cryptography solutions. A conservative estimate from a 2019 DigiCert report said teams will need to have protections from quantum computing breaches in place by 2022.